Telecom Namibia investigates cyberattack, tightens security measures

Telecom Namibia (TN) is pursuing several leads following a cyberattack at the end of last year.

TN chief executive Stanley Shanapinda yesterday said the company is still investigating the root cause of the cyberattack and employees who were on leave have been called back to conduct a forensic analysis.

“We have several leads that we are actively pursuing. Unfortunately, seeing that it is an ongoing criminal investigation, we are not able to share much at this stage,” said Shanapinda.

He emphasised that information in the public interest would only be shared “in consultation with law enforcement”.

In December, some Namibians woke up to their personal information, including identity documents, bank details, customer contracts and internal budget reports covering TN’s operations between 2021 and 2024 making the rounds on the internet.

This was after TN was hacked by Hunters International and lost data worth N$5.4 billion (U$300 million).

The hack exposed about 630 gigabytes of sensitive data of more than 493 000 individuals, ministries, state-owned enterprises and private businesses.

One of the leaked documents seen by The Namibian showed that the company cannot afford its outdated billing system, which caused “excessive increases”.

In the company’s 2024 financial forecast, TN notes that the outdated system led to increased expenses for the company.

“The systems need to be replaced urgently, as TN cannot afford the excessive increases for the billing system service level agreements,” states the forecast.

The costs went from below N$95 million in September 2023 to above N$105 million in 2024, with the forecast predicting a rise to N$135 million.

Windhoek Observer reported in December that an internal audit by TN in 2021 flagged the company’s weaknesses, listing its troubled billing system, lack of controls and record keeping as costing the company N$69.3 million.

The internal report shows that N$100 000 in airtime was credited on one user’s number, while another received airtime worth N$64 761.

The audit shows a vulnerability in the system that allows employees, who have access to make adjustments on the system, to credit certain individuals. This can allow errors and mistakes to go unnoticed.

The 2021 internal audit warned of negative financial impacts, which the 2024 financial forecast confirms.

“It should be handled as a matter of urgency as it directly impacts service delivery and the company’s reputation,” notes the internal audit.

TN depends on Namibia Post and Telecom Holdings Limited to fund a new billing system, with the holding company committing N$235.6 million as a capital contribution.

TN notes that it has closed the loopholes that led to the cyberattack last year, however, no system is ever 100% safe from cyberbreaches.

“The threat vector was addressed during November and December 2024, right after the data breach was detected.”

TN notes that the system will continue being monitored, while security teams and functionalities will be beefed up as part of strengthening its security operation centre.

“TN is and will remain focused on continuous improvements by constantly updating and adapting its internal security measures,” notes TN.